{
 "cells": [
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "# -*- coding: utf-8 -*-\n",
    "from miasm.analysis.machine import Machine\n",
    "from miasm.arch.x86.arch import mn_x86\n",
    "from miasm.core import parse_asm, asmblock\n",
    "from miasm.core.locationdb import LocationDB\n",
    "from miasm.analysis.binary import Container\n",
    "from future.utils import viewitems\n",
    "from miasm.loader.strpatchwork import *\n",
    "from miasm.analysis.data_flow import *\n",
    "from miasm.jitter.csts import PAGE_READ, PAGE_WRITE"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "# TODO\n",
    "# Please add some assemble code to protect 'MOV ECX, 0x23' from dead code elimination\n",
    "\n",
    "# From Here--------------------------------------------\n",
    "\n",
    "loc_db = LocationDB()\n",
    "asmcfg = parse_asm.parse_txt(mn_x86, 32, ''' \n",
    "main:\n",
    "    PUSH EBP\n",
    "    MOV EBP, ESP\n",
    "    MOV ECX, 0x23\n",
    "    MOV EDX, EAX\n",
    "    MUL EDX\n",
    "    CMP EAX, -1\n",
    "    JNZ label\n",
    "    MOV DWORD PTR [0xDEADBEEF], ECX\n",
    "\n",
    "label:\n",
    "    MOV ECX, 0x4\n",
    "    MOV EAX, ECX\n",
    "    POP EBP\n",
    "    RET\n",
    "''', loc_db)\n",
    "\n",
    "# To HERE --------------------------------------------"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "loc_db.set_location_offset(loc_db.get_name_location('main'), 0x0)\n",
    "\n",
    "patches = asmblock.asm_resolve_final(mn_x86, asmcfg)\n",
    "patch_worker = StrPatchwork()\n",
    "for offset, raw in patches.items():\n",
    "    patch_worker[offset] = raw\n",
    "    \n",
    "cont = Container.from_string(array_tobytes(patch_worker.s), loc_db=loc_db)\n",
    "machine = Machine('x86_32')\n",
    "mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)\n",
    "asmcfg2 = mdis.dis_multiblock(0)\n",
    "ir_arch = machine.ira(loc_db)\n",
    "ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg2)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "print('Before Simplification:')\n",
    "for lbl, irb in viewitems(ircfg.blocks):\n",
    "    print(irb)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "deadrm = DeadRemoval(ir_arch)\n",
    "deadrm(ircfg)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "print('After Simplification:')\n",
    "\n",
    "for lbl, irb in viewitems(ircfg.blocks):\n",
    "    print(irb)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": [
    "# jitter to confirm that the branch is not actually taken\n",
    "def code_sentinelle(jitter):\n",
    "    jitter.run = False\n",
    "    jitter.pc = 0\n",
    "    return True\n",
    "\n",
    "myjit = Machine('x86_32').jitter(loc_db, 'python')\n",
    "myjit.init_stack()\n",
    "run_addr = 0x00000000\n",
    "myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, array_tobytes(patch_worker.s))\n",
    "myjit.set_trace_log()\n",
    "myjit.push_uint32_t(0x1337beef)\n",
    "myjit.add_breakpoint(0x1337beef, code_sentinelle)\n",
    "myjit.init_run(run_addr)\n",
    "myjit.continue_run()"
   ]
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.6.9"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 4
}
